FindPage
View Source:
KnowledgeBase/FreeBSD/SiteBan
Note:
You are viewing an old version of this page.
View the current version.
Set up a webserver on a local IP alias. Preferrably something nobody else listens on. I use 127.0.0.44. I wrote a tiny, quick webserver to serve static pages. It's written in PHP, and can serve nearly a million pages per minute. It's available under [PartyVan]. ban: <verbatim> #!/bin/sh # IPFW binary ipfw="/sbin/ipfw" # Index prefix of autoban rules prefix="44???" if [ -z "${1}" ] then echo "Usage: ${0} <ip>" exit 64 fi if [ "$(id -u)" -ne 0 ] then echo "Must be run as root." exit 32 fi luser="${1}" # Determine if the IP is already banned banned=$( ${ipfw} list | egrep "^${prefix}" | grep "from ${luser}" | cut -d" " -f1 | sort ) if [ -n "${banned}" ] then echo "Already banned, in rule(s): ${banned}" exit 16 fi # Obtain biggest index last=$( ${ipfw} list | egrep "^${prefix}" | cut -d" " -f1 | sort | tail -n 1 ) # Is it an index? if [ -z "${last}" ] then # Populate it with a sane value index="$( echo "${prefix}" | tr '?' '0' )" else # Increment index="$(( "${last}" + 1 ))" fi rule="${index} fwd 127.0.0.44 tcp from "${luser}" to any 80 in recv fxp0" ${ipfw} add ${rule} </verbatim> unban: <verbatim> #!/bin/sh # IPFW binary ipfw="/sbin/ipfw" # Index prefix of autoban rules prefix="44???" if [ -z "${1}" ] then echo "Usage: ${0} <ip>" exit 64 fi if [ "$(id -u)" -ne 0 ] then echo "Must be run as root." exit 32 fi luser="${1}" # Determine if the IP is already banned banned=$( ${ipfw} list | egrep "^${prefix}" | grep "from ${luser}" | cut -d" " -f1 | sort ) if [ -z "${banned}" ] then echo "Not banned. Check rulesets manually." exit 16 fi # Unban echo "Unbanning: ${banned}" ${ipfw} del ${banned} </verbatim> banlist: <verbatim> #!/bin/sh # IPFW binary ipfw="/sbin/ipfw" # Index prefix of autoban rules prefix="44???" if [ "$(id -u)" -ne 0 ] then echo "Must be run as root." exit 32 fi # Get list of banned IPs ${ipfw} list | egrep "^${prefix}" | cut -d" " -f1,6 | sort | while read number ip do echo "${number} -> ${ip}" done </verbatim> autoban: <verbatim> #!/bin/bash # autoban <ip> <template|default> pv_base="/home/admin/siteban/asshats" if [ "$(id -u)" -ne "0" ] then echo "Run me as root." exit 32 fi ip="${1}" template="${2:-autoban}" # Parameter check if [ -z "${ip}" ] then echo "Usage: $(basename "${0}") <ip> [template]" echo "Executes banishment of the specified IP, optionally using template" echo " as the ban message, or autoban if unspecified." exit 64 fi cd "${pv_base}" # Template validity check if [ ! -f "htdocs/${template}.html" ] then echo "Template ${template} doesn't exist. Defaulting to 'autoban'." template="autoban" fi echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: banned ${ip} using template ${template}" >> autoban.log logger -p security.notice -t autoban "banned ${ip} using template ${template}" ln -svf "${template}.html" "htdocs/${ip}.html" touch ".autoban/${ip}" ./ban "${ip}" </verbatim> ab_expire: <verbatim> #!/bin/bash # Run me from cron every few minutes or hours or whatever to auto-expire bans # Bans expire after one day expiry=86400 pv_base="/home/admin/siteban/asshats" if [ "$(id -u)" -ne "0" ] then echo "Run me as root." exit 32 fi cd "${pv_base}" now="$(date "+%s")" #logger -p security.notice -t autoban "Running ban expiry at $(date -r "${now}" "+%Y-%m-%d:%H:%M:%S")" ls -1 .autoban/* 2>/dev/null | while read ip do ip="$(basename "${ip}")" then="$(stat -f "%m" ".autoban/${ip}")" age="$(( ${now} - ${then} ))" consider # logger -p security.notice -t autoban "Considering ${ip} (${age}, $(date -r "${then}" "+%Y-%m-%d:%H:%M:%S") )" if [ "${age}" -ge "${expiry}" ] then echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: unbanned ${ip}" >> autoban.log logger -p security.notice -t autoban "autoban expired for ${ip}" ./unban "${ip}" rm -f ".autoban/${ip}" rm -vf "htdocs/${ip}.html" fi done </verbatim> kerban.php: <verbatim> <?php // Place a line similar to the following into sudoers to allow this to function: // www = (root) NOPASSWD: /usr/home/admin/siteban/asshats/autoban * // You must specify the full path to the autoban script, and NOPASSWD must be in effect, as www doesn't (or shouldn't) have a valid password. $ip=$_SERVER['REMOTE_ADDR']; shell_exec(sprintf('/usr/local/bin/sudo /usr/home/admin/siteban/asshats/autoban %s', escapeshellarg($ip))); header("Location: http://www.lslwiki.net/lslwiki/"); ?> </verbatim>